Security readout for executives and security teams
Plain-English summary
This vulnerability can let an unauthenticated remote actor disrupt affected MicroLogix 1400 controllers by sending malformed DNP3 traffic. The business risk is process disruption, not data theft. Exposure matters most where DNP3 is enabled and reachable over Ethernet or serial paths.
Executive priority
Treat this as a high-priority operational resilience issue for affected control environments. Prioritize plants or remote sites where DNP3 is enabled and reachable, because successful exploitation can disrupt controlled processes.
Technical view
CVE-2014-5410 is improper input validation in the DNP3 feature of Rockwell Automation Allen-Bradley MicroLogix 1400 controllers. Sources describe denial of service from malformed packets over Ethernet or serial. Affected versions include Series A FRN 7 and earlier, and Series B before FRN 15.001.
Likely exposure
Likely exposure is limited to environments using MicroLogix 1400 controllers with DNP3 enabled and reachable. Internet exposure would increase urgency, but the provided sources do not state common internet exposure or specific deployment prevalence.
Exploitation context
The CVE is not listed as CISA KEV in the supplied bundle. The sources support remote denial of service potential, but do not provide evidence of active exploitation, public weaponization, or compromise campaigns.
Researcher notes
Available evidence supports a remote unauthenticated availability impact through malformed DNP3 input. The provided bundle does not include exploit details, active exploitation evidence, or complete remediation text for every affected Series, so validation should stay anchored to vendor and CISA advisories.
Mitigation direction
- Identify MicroLogix 1400 controllers and record Series and FRN levels.
- For Series B, update vulnerable firmware to FRN 15.001 or later where applicable.
- Review Rockwell Automation and CISA guidance for Series A remediation options.
- Disable DNP3 where it is not operationally required.
- Restrict DNP3 access to trusted ICS paths only.
Validation and detection
- Inventory controllers and confirm exact Series, catalog family, and FRN version.
- Verify whether DNP3 is enabled on each controller.
- Check whether DNP3 is reachable over Ethernet or serial links.
- Confirm firmware status against Rockwell Automation and CISA advisories.
- Review monitoring for unexpected controller resets or process disruptions.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-20: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupCVE-2014-5410 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- High
- CVSS
- 7.1 (2.0)
- Known Exploited
- No
- Published
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
AV:N/AC:M/Au:N/C:N/I:N/A:C8.66.9Primary CVE scoreVulnerability scoring details
Base CVSS 2.0 score
7.1HighVector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Source materials
- CVE List V5 sourceCVE List V5
- https://rockwellautomation.custhelp.com/app/answers/detail/a_id/620295CVE reference
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-254-02CVE reference
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2014/icsa-14-254-02.jsonCVE reference
- https://ics-cert.us-cert.gov/advisories/ICSA-14-254-02CVE reference · x_refsource_MISC, x_transferred
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
